
Example 31 with CertificateAuthorityServiceClient

Use of com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient in project java-security-private-ca by googleapis.

Class ActivateSubordinateCa, method activateSubordinateCA.

import com.google.api.core.ApiFuture;
import com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest;
import com.google.cloud.security.privateca.v1.CertificateAuthorityName;
import com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient;
import com.google.cloud.security.privateca.v1.SubordinateConfig;
import com.google.longrunning.Operation;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
public class ActivateSubordinateCa {
    // Activate a subordinate CA.
    // *Prerequisite*: Get the CSR of the subordinate CA signed by another CA. Pass in the signed
    // certificate and (issuer CA's name or the issuer CA's Certificate chain).
    // *Post*: After activating the subordinate CA, it should be enabled before issuing certificates.
    public static void activateSubordinateCA(String project, String location, String pool_Id,
            String certificateAuthorityName, String subordinateCaName, String pemCACertificate)
            throws ExecutionException, InterruptedException, IOException {
        // try-with-resources closes the client, cleaning up any remaining background resources.
        try (CertificateAuthorityServiceClient certificateAuthorityServiceClient =
                CertificateAuthorityServiceClient.create()) {
            // Full resource name of the subordinate CA being activated.
            String subordinateCaParent = CertificateAuthorityName.of(project, location, pool_Id, subordinateCaName).toString();
            // Construct the "Activate CA Request"; the subordinate config names the issuer CA.
            ActivateCertificateAuthorityRequest activateCertificateAuthorityRequest =
                ActivateCertificateAuthorityRequest.newBuilder()
                    .setName(subordinateCaParent)
                    .setPemCaCertificate(pemCACertificate)
                    .setSubordinateConfig(SubordinateConfig.newBuilder()
                        .setCertificateAuthority(CertificateAuthorityName.of(
                            project, location, pool_Id, certificateAuthorityName).toString())
                        .build())
                    .build();
            // Activate the CA and block until the long-running operation completes.
            ApiFuture<Operation> futureCall = certificateAuthorityServiceClient
                .activateCertificateAuthorityCallable().futureCall(activateCertificateAuthorityRequest);
            Operation response = futureCall.get();
            if (response.hasError()) {
                System.out.println("Error while activating the subordinate CA! " + response.getError());
                return;
            }
            System.out.println("Subordinate Certificate Authority activated successfully! " + subordinateCaName);
            TimeUnit.SECONDS.sleep(3);
            // The current state will be STAGED.
            // The Subordinate CA has to be ENABLED before issuing certificates.
            System.out.println("Current State: "
                + certificateAuthorityServiceClient.getCertificateAuthority(subordinateCaParent).getState());
        }
    }
}
Also used: CertificateAuthorityServiceClient (com.google.cloud.security.privateca.v1.CertificateAuthorityServiceClient), Operation (com.google.longrunning.Operation), ActivateCertificateAuthorityRequest (com.google.cloud.security.privateca.v1.ActivateCertificateAuthorityRequest)
